Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

Chapter 14. Installation configuration parameters for GCP


Before you deploy an OpenShift Container Platform cluster on Google Cloud Platform (GCP), you provide parameters to customize your cluster and the platform that hosts it. When you create the install-config.yaml file, you provide values for the required parameters through the command line. You can then modify the install-config.yaml file to customize your cluster further.

14.1. Available installation configuration parameters for GCP

The following tables specify the required, optional, and GCP-specific installation configuration parameters that you can set as part of the installation process.

Important

After installation, you cannot change these parameters in the install-config.yaml file.

14.1.1. Required configuration parameters

Required installation configuration parameters are described in the following table:

Expand
Table 14.1. Required parameters
ParameterDescriptionValues
apiVersion:
Copy to Clipboard Toggle word wrap

The API version for the install-config.yaml content. The current version is v1. The installation program might also support older API versions.

String

baseDomain:
Copy to Clipboard Toggle word wrap

The base domain of your cloud provider. The base domain is used to create routes to your OpenShift Container Platform cluster components. The full DNS name for your cluster is a combination of the baseDomain and metadata.name parameter values that uses the <metadata.name>.<baseDomain> format.

A fully-qualified domain or subdomain name, such as example.com.

metadata:
Copy to Clipboard Toggle word wrap

Kubernetes resource ObjectMeta, from which only the name parameter is consumed.

Object

metadata:
  name:
Copy to Clipboard Toggle word wrap

The name of the cluster. DNS records for the cluster are all subdomains of {{.metadata.name}}.{{.baseDomain}}.

String of lowercase letters, hyphens (-), and periods (.), such as dev.

platform:
Copy to Clipboard Toggle word wrap

The configuration for the specific platform upon which to perform the installation: aws, baremetal, azure, gcp, ibmcloud, nutanix, openstack, powervs, vsphere, or {}. For additional information about platform.<platform> parameters, consult the table for your specific platform that follows.

Object

pullSecret:
Copy to Clipboard Toggle word wrap

Get a pull secret from Red Hat OpenShift Cluster Manager to authenticate downloading container images for OpenShift Container Platform components from services such as Quay.io.

{
   "auths":{
      "cloud.openshift.com":{
         "auth":"b3Blb=",
         "email":"you@example.com"
      },
      "quay.io":{
         "auth":"b3Blb=",
         "email":"you@example.com"
      }
   }
}
Copy to Clipboard Toggle word wrap

14.1.2. Network configuration parameters

You can customize your installation configuration based on the requirements of your existing network infrastructure. For example, you can expand the IP address block for the cluster network or configure different IP address blocks than the defaults.

Only IPv4 addresses are supported.

Expand
Table 14.2. Network parameters
ParameterDescriptionValues
networking:
Copy to Clipboard Toggle word wrap

The configuration for the cluster network.

Object

Note

You cannot change parameters specified by the networking object after installation.

networking:
  networkType:
Copy to Clipboard Toggle word wrap

The Red Hat OpenShift Networking network plugin to install.

OVNKubernetes. OVNKubernetes is a Container Network Interface (CNI) plugin for Linux networks and hybrid networks that contain both Linux and Windows servers. The default value is OVNKubernetes.

networking:
  clusterNetwork:
Copy to Clipboard Toggle word wrap

The IP address blocks for pods.

The default value is 10.128.0.0/14 with a host prefix of /23.

If you specify multiple IP address blocks, the blocks must not overlap.

An array of objects. For example:

networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
Copy to Clipboard Toggle word wrap
networking:
  clusterNetwork:
    cidr:
Copy to Clipboard Toggle word wrap

Required if you use networking.clusterNetwork. An IP address block.

An IPv4 network.

An IP address block in Classless Inter-Domain Routing (CIDR) notation. The prefix length for an IPv4 block is between 0 and 32.

networking:
  clusterNetwork:
    hostPrefix:
Copy to Clipboard Toggle word wrap

The subnet prefix length to assign to each individual node. For example, if hostPrefix is set to 23 then each node is assigned a /23 subnet out of the given cidr. A hostPrefix value of 23 provides 510 (2^(32 - 23) - 2) pod IP addresses.

A subnet prefix.

The default value is 23.

networking:
  serviceNetwork:
Copy to Clipboard Toggle word wrap

The IP address block for services. The default value is 172.30.0.0/16.

The OVN-Kubernetes network plugins supports only a single IP address block for the service network.

An array with an IP address block in CIDR format. For example:

networking:
  serviceNetwork:
   - 172.30.0.0/16
Copy to Clipboard Toggle word wrap
networking:
  machineNetwork:
Copy to Clipboard Toggle word wrap

The IP address blocks for machines.

If you specify multiple IP address blocks, the blocks must not overlap.

An array of objects. For example:

networking:
  machineNetwork:
  - cidr: 10.0.0.0/16
Copy to Clipboard Toggle word wrap
networking:
  machineNetwork:
    cidr:
Copy to Clipboard Toggle word wrap

Required if you use networking.machineNetwork. An IP address block. The default value is 10.0.0.0/16 for all platforms other than libvirt and IBM Power® Virtual Server. For libvirt, the default value is 192.168.126.0/24. For IBM Power® Virtual Server, the default value is 192.168.0.0/24.

An IP network block in CIDR notation.

For example, 10.0.0.0/16.

Note

Set the networking.machineNetwork to match the CIDR that the preferred NIC resides in.

14.1.3. Optional configuration parameters

Optional installation configuration parameters are described in the following table:

Expand
Table 14.3. Optional parameters
ParameterDescriptionValues
additionalTrustBundle:
Copy to Clipboard Toggle word wrap

A PEM-encoded X.509 certificate bundle that is added to the nodes' trusted certificate store. This trust bundle might also be used when a proxy has been configured.

String

capabilities:
Copy to Clipboard Toggle word wrap

Controls the installation of optional core cluster components. You can reduce the footprint of your OpenShift Container Platform cluster by disabling optional components. For more information, see the "Cluster capabilities" page in Installing.

String array

capabilities:
  baselineCapabilitySet:
Copy to Clipboard Toggle word wrap

Selects an initial set of optional capabilities to enable. Valid values are None, v4.11, v4.12 and vCurrent. The default value is vCurrent.

String

capabilities:
  additionalEnabledCapabilities:
Copy to Clipboard Toggle word wrap

Extends the set of optional capabilities beyond what you specify in baselineCapabilitySet. You can specify multiple capabilities in this parameter.

String array

cpuPartitioningMode:
Copy to Clipboard Toggle word wrap

Enables workload partitioning, which isolates OpenShift Container Platform services, cluster management workloads, and infrastructure pods to run on a reserved set of CPUs. You can only enable workload partitioning during installation. You cannot disable it after installation. While this field enables workload partitioning, it does not configure workloads to use specific CPUs. For more information, see the Workload partitioning page in the Scalability and Performance section.

None or AllNodes. None is the default value.

compute:
Copy to Clipboard Toggle word wrap

The configuration for the machines that comprise the compute nodes.

Array of MachinePool objects.

compute:
  architecture:
Copy to Clipboard Toggle word wrap

Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are amd64 and arm64.

String

compute:
  hyperthreading:
Copy to Clipboard Toggle word wrap

Whether to enable or disable simultaneous multithreading, or hyperthreading, on compute machines. By default, simultaneous multithreading is enabled to increase the performance of your machines' cores.

Important

If you disable simultaneous multithreading, ensure that your capacity planning accounts for the dramatically decreased machine performance.

Enabled or Disabled

compute:
  name:
Copy to Clipboard Toggle word wrap

Required if you use compute. The name of the machine pool.

worker

compute:
  platform:
Copy to Clipboard Toggle word wrap

Required if you use compute. Use this parameter to specify the cloud provider to host the worker machines. This parameter value must match the controlPlane.platform parameter value.

aws, azure, gcp, ibmcloud, nutanix, openstack, powervs, vsphere, or {}

compute:
  replicas:
Copy to Clipboard Toggle word wrap

The number of compute machines, which are also known as worker machines, to provision.

A positive integer greater than or equal to 2. The default value is 3.

featureSet:
Copy to Clipboard Toggle word wrap

Enables the cluster for a feature set. A feature set is a collection of OpenShift Container Platform features that are not enabled by default. For more information about enabling a feature set during installation, see "Enabling features using feature gates".

String. The name of the feature set to enable, such as TechPreviewNoUpgrade.

controlPlane:
Copy to Clipboard Toggle word wrap

The configuration for the machines that form the control plane.

Array of MachinePool objects.

controlPlane:
  architecture:
Copy to Clipboard Toggle word wrap

Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are amd64 and arm64.

String

controlPlane:
  hyperthreading:
Copy to Clipboard Toggle word wrap

Whether to enable or disable simultaneous multithreading, or hyperthreading, on control plane machines. By default, simultaneous multithreading is enabled to increase the performance of your machines' cores.

Important

If you disable simultaneous multithreading, ensure that your capacity planning accounts for the dramatically decreased machine performance.

Enabled or Disabled

controlPlane:
  name:
Copy to Clipboard Toggle word wrap

Required if you use controlPlane. The name of the machine pool.

master

controlPlane:
  platform:
Copy to Clipboard Toggle word wrap

Required if you use controlPlane. Use this parameter to specify the cloud provider that hosts the control plane machines. This parameter value must match the compute.platform parameter value.

aws, azure, gcp, ibmcloud, nutanix, openstack, powervs, vsphere, or {}

controlPlane:
  replicas:
Copy to Clipboard Toggle word wrap

The number of control plane machines to provision.

Supported values are 3, or 1 when deploying single-node OpenShift.

credentialsMode:
Copy to Clipboard Toggle word wrap

The Cloud Credential Operator (CCO) mode. If no mode is specified, the CCO dynamically tries to determine the capabilities of the provided credentials, with a preference for mint mode on the platforms where multiple modes are supported.

Note

Not all CCO modes are supported for all cloud providers. For more information about CCO modes, see the "Managing cloud provider credentials" entry in the Authentication and authorization content.

Mint, Passthrough, Manual or an empty string ("").

fips:
Copy to Clipboard Toggle word wrap

Enable or disable FIPS mode. The default is false (disabled). If you enable FIPS mode, the Red Hat Enterprise Linux CoreOS (RHCOS) machines that OpenShift Container Platform runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that RHCOS provides instead.

Important

To enable FIPS mode for your cluster, you must run the installation program from a Red Hat Enterprise Linux (RHEL) computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see Switching RHEL to FIPS mode.

When running Red Hat Enterprise Linux (RHEL) or Red Hat Enterprise Linux CoreOS (RHCOS) booted in FIPS mode, OpenShift Container Platform core components use the RHEL cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.

Important

If you are using Azure File storage, you cannot enable FIPS mode.

false or true

imageContentSources:
Copy to Clipboard Toggle word wrap

Sources and repositories for the release-image content.

Array of objects. Includes a source and, optionally, mirrors, as described in the following rows of this table.

imageContentSources:
  source:
Copy to Clipboard Toggle word wrap

Required if you use imageContentSources. Specify the repository that users refer to, for example, in image pull specifications.

String

imageContentSources:
  mirrors:
Copy to Clipboard Toggle word wrap

Specify one or more repositories that might also contain the same images.

Array of strings

publish:
Copy to Clipboard Toggle word wrap

How to publish or expose the user-facing endpoints of your cluster, such as the Kubernetes API, OpenShift routes.

Internal or External. To deploy a private cluster that cannot be accessed from the internet, set the publish parameter to Internal. The default value is External.

sshKey:
Copy to Clipboard Toggle word wrap

The SSH key to authenticate access to your cluster machines.

Note

For production OpenShift Container Platform clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your ssh-agent process uses.

For example, sshKey: ssh-ed25519 AAAA...

Note

If you are installing on GCP into a shared virtual private cloud (VPC), credentialsMode must be set to Passthrough or Manual.

Important

Setting this parameter to Manual enables alternatives to storing administrator-level secrets in the kube-system project, which require additional configuration steps. For more information, see "Alternatives to storing administrator-level secrets in the kube-system project".

14.1.4. Additional Google Cloud Platform (GCP) configuration parameters

Additional GCP configuration parameters are described in the following table:

Expand
Table 14.4. Additional GCP parameters
ParameterDescriptionValues
controlPlane:
  platform:
    gcp:
      osImage:
        project:
Copy to Clipboard Toggle word wrap

Optional. By default, the installation program downloads and installs the Red Hat Enterprise Linux CoreOS (RHCOS) image that is used to boot control plane machines. You can override the default behavior by specifying the location of a custom RHCOS image that the installation program is to use for control plane machines only. Control plane machines do not contribute to licensing costs when using the default image. But, if you apply a GCP Marketplace image for a control plane machine, usage costs do apply.

String. The name of GCP project where the image is located.

controlPlane:
  platform:
    gcp:
      osImage:
        name:
Copy to Clipboard Toggle word wrap

The name of the custom RHCOS image that the installation program is to use to boot control plane machines. If you use controlPlane.platform.gcp.osImage.project, this field is required.

String. The name of the RHCOS image.

compute:
  platform:
    gcp:
      osImage:
        project:
Copy to Clipboard Toggle word wrap

Optional. By default, the installation program downloads and installs the RHCOS image that is used to boot compute machines. You can override the default behavior by specifying the location of a custom RHCOS image that the installation program is to use for compute machines only.

String. The name of GCP project where the image is located.

compute:
  platform:
    gcp:
      osImage:
        name:
Copy to Clipboard Toggle word wrap

The name of the custom RHCOS image that the installation program is to use to boot compute machines. If you use compute.platform.gcp.osImage.project, this field is required.

String. The name of the RHCOS image.

compute:
  platform:
    gcp:
      serviceAccount:
Copy to Clipboard Toggle word wrap

Specifies the email address of a Google Cloud service account to be used during installations. This service account is used to provision compute machines.

String. The email address of the service account.

platform:
  gcp:
    network:
Copy to Clipboard Toggle word wrap

The name of the existing Virtual Private Cloud (VPC) where you want to deploy your cluster. If you want to deploy your cluster into a shared VPC, you must set platform.gcp.networkProjectID with the name of the GCP project that contains the shared VPC.

String.

platform:
  gcp:
    networkProjectID:
Copy to Clipboard Toggle word wrap

Optional. The name of the GCP project that contains the shared VPC where you want to deploy your cluster.

String.

platform:
  gcp:
    projectID:
Copy to Clipboard Toggle word wrap

The name of the GCP project where the installation program installs the cluster.

String.

platform:
  gcp:
    region:
Copy to Clipboard Toggle word wrap

The name of the GCP region that hosts your cluster.

Any valid region name, such as us-central1.

platform:
  gcp:
    controlPlaneSubnet:
Copy to Clipboard Toggle word wrap

The name of the existing subnet where you want to deploy your control plane machines.

The subnet name.

platform:
  gcp:
    computeSubnet:
Copy to Clipboard Toggle word wrap

The name of the existing subnet where you want to deploy your compute machines.

The subnet name.

platform:
  gcp:
    defaultMachinePlatform:
      zones:
Copy to Clipboard Toggle word wrap

The availability zones where the installation program creates machines.

A list of valid GCP availability zones, such as us-central1-a, in a YAML sequence.

Important

When running your cluster on GCP 64-bit ARM infrastructures, ensure that you use a zone where Ampere Altra Arm CPU’s are available. You can find which zones are compatible with 64-bit ARM processors in the "GCP availability zones" link.

platform:
  gcp:
    defaultMachinePlatform:
      osDisk:
        diskSizeGB:
Copy to Clipboard Toggle word wrap

The size of the disk in gigabytes (GB).

Any size between 16 GB and 65536 GB.

platform:
  gcp:
    defaultMachinePlatform:
      osDisk:
        diskType:
Copy to Clipboard Toggle word wrap

The GCP disk type.

The default disk type for all machines. Valid values are pd-balanced, pd-ssd, pd-standard, or hyperdisk-balanced. The default value is pd-ssd. Control plane machines cannot use the pd-standard disk type, so if you specify pd-standard as the default machine platform disk type, you must specify a different disk type using the controlPlane.platform.gcp.osDisk.diskType parameter.

platform:
  gcp:
    defaultMachinePlatform:
      osImage:
        project:
Copy to Clipboard Toggle word wrap

Optional. By default, the installation program downloads and installs the RHCOS image that is used to boot control plane and compute machines. You can override the default behavior by specifying the location of a custom RHCOS image that the installation program is to use for both types of machines.

String. The name of GCP project where the image is located.

platform:
  gcp:
    defaultMachinePlatform:
      osImage:
        name:
Copy to Clipboard Toggle word wrap

The name of the custom RHCOS image that the installation program is to use to boot control plane and compute machines. If you use platform.gcp.defaultMachinePlatform.osImage.project, this field is required.

String. The name of the RHCOS image.

platform:
  gcp:
    defaultMachinePlatform:
      tags:
Copy to Clipboard Toggle word wrap

Optional. Additional network tags to add to the control plane and compute machines.

One or more strings, for example network-tag1.

platform:
  gcp:
    defaultMachinePlatform:
      type:
Copy to Clipboard Toggle word wrap

The GCP machine type for control plane and compute machines.

The GCP machine type, for example n1-standard-4.

platform:
  gcp:
    defaultMachinePlatform:
      osDisk:
        encryptionKey:
          kmsKey:
            name:
Copy to Clipboard Toggle word wrap

The name of the customer managed encryption key to be used for machine disk encryption.

The encryption key name.

platform:
  gcp:
    defaultMachinePlatform:
      osDisk:
        encryptionKey:
          kmsKey:
            keyRing:
Copy to Clipboard Toggle word wrap

The name of the Key Management Service (KMS) key ring to which the KMS key belongs.

The KMS key ring name.

platform:
  gcp:
    defaultMachinePlatform:
      osDisk:
        encryptionKey:
          kmsKey:
            location:
Copy to Clipboard Toggle word wrap

The GCP location in which the KMS key ring exists.

The GCP location.

platform:
  gcp:
    defaultMachinePlatform:
      osDisk:
        encryptionKey:
          kmsKey:
            projectID:
Copy to Clipboard Toggle word wrap

The ID of the project in which the KMS key ring exists. This value defaults to the value of the platform.gcp.projectID parameter if it is not set.

The GCP project ID.

platform:
  gcp:
    defaultMachinePlatform:
      osDisk:
        encryptionKey:
          kmsKeyServiceAccount:
Copy to Clipboard Toggle word wrap

The GCP service account used for the encryption request for control plane and compute machines. If absent, the Compute Engine default service account is used. For more information about GCP service accounts, see Google’s documentation on service accounts.

The GCP service account email, for example <service_account_name>@<project_id>.iam.gserviceaccount.com.

platform:
  gcp:
    defaultMachinePlatform:
      secureBoot:
Copy to Clipboard Toggle word wrap

Whether to enable Shielded VM secure boot for all machines in the cluster. Shielded VMs have additional security protocols such as secure boot, firmware and integrity monitoring, and rootkit protection. For more information on Shielded VMs, see Google’s documentation on Shielded VMs.

Enabled or Disabled. The default value is Disabled.

platform:
  gcp:
    defaultMachinePlatform:
      confidentialCompute:
Copy to Clipboard Toggle word wrap

Whether to use Confidential VMs for all machines in the cluster. Confidential VMs provide encryption for data during processing. For more information on Confidential computing, see Google’s documentation on Confidential computing.

Enabled or Disabled. The default value is Disabled.

platform:
  gcp:
    defaultMachinePlatform:
      onHostMaintenance:
Copy to Clipboard Toggle word wrap

Specifies the behavior of all VMs during a host maintenance event, such as a software or hardware update. For Confidential VMs, this parameter must be set to Terminate. Confidential VMs do not support live VM migration.

Terminate or Migrate. The default value is Migrate.

controlPlane:
  platform:
    gcp:
      osDisk:
        encryptionKey:
          kmsKey:
            name:
Copy to Clipboard Toggle word wrap

The name of the customer managed encryption key to be used for control plane machine disk encryption.

The encryption key name.

controlPlane:
  platform:
    gcp:
      osDisk:
        encryptionKey:
          kmsKey:
            keyRing:
Copy to Clipboard Toggle word wrap

For control plane machines, the name of the KMS key ring to which the KMS key belongs.

The KMS key ring name.

controlPlane:
  platform:
    gcp:
      osDisk:
        encryptionKey:
          kmsKey:
            location:
Copy to Clipboard Toggle word wrap

For control plane machines, the GCP location in which the key ring exists. For more information about KMS locations, see Google’s documentation on Cloud KMS locations.

The GCP location for the key ring.

controlPlane:
  platform:
    gcp:
      osDisk:
        encryptionKey:
          kmsKey:
            projectID:
Copy to Clipboard Toggle word wrap

For control plane machines, the ID of the project in which the KMS key ring exists. This value defaults to the VM project ID if not set.

The GCP project ID.

controlPlane:
  platform:
    gcp:
      osDisk:
        encryptionKey:
          kmsKeyServiceAccount:
Copy to Clipboard Toggle word wrap

The GCP service account used for the encryption request for control plane machines. If absent, the Compute Engine default service account is used. For more information about GCP service accounts, see Google’s documentation on service accounts.

The GCP service account email, for example <service_account_name>@<project_id>.iam.gserviceaccount.com.

controlPlane:
  platform:
    gcp:
      osDisk:
        diskSizeGB:
Copy to Clipboard Toggle word wrap

The size of the disk in gigabytes (GB). This value applies to control plane machines.

Any integer between 16 and 65536.

controlPlane:
  platform:
    gcp:
      osDisk:
        diskType:
Copy to Clipboard Toggle word wrap

The GCP disk type for control plane machines.

Valid values are pd-balanced, pd-ssd, or hyperdisk-balanced. The default value is pd-ssd.

controlPlane:
  platform:
    gcp:
      tags:
Copy to Clipboard Toggle word wrap

Optional. Additional network tags to add to the control plane machines. If set, this parameter overrides the platform.gcp.defaultMachinePlatform.tags parameter for control plane machines.

One or more strings, for example control-plane-tag1.

controlPlane:
  platform:
    gcp:
      type:
Copy to Clipboard Toggle word wrap

The GCP machine type for control plane machines. If set, this parameter overrides the platform.gcp.defaultMachinePlatform.type parameter.

The GCP machine type, for example n1-standard-4.

controlPlane:
  platform:
    gcp:
      zones:
Copy to Clipboard Toggle word wrap

The availability zones where the installation program creates control plane machines.

A list of valid GCP availability zones, such as us-central1-a, in a YAML sequence.

Important

When running your cluster on GCP 64-bit ARM infrastructures, ensure that you use a zone where Ampere Altra Arm CPU’s are available. You can find which zones are compatible with 64-bit ARM processors in the "GCP availability zones" link.

controlPlane:
  platform:
    gcp:
      secureBoot:
Copy to Clipboard Toggle word wrap

Whether to enable Shielded VM secure boot for control plane machines. Shielded VMs have additional security protocols such as secure boot, firmware and integrity monitoring, and rootkit protection. For more information on Shielded VMs, see Google’s documentation on Shielded VMs.

Enabled or Disabled. The default value is Disabled.

controlPlane:
  platform:
    gcp:
      confidentialCompute:
Copy to Clipboard Toggle word wrap

Whether to enable Confidential VMs for control plane machines. Confidential VMs provide encryption for data while it is being processed. For more information on Confidential VMs, see Google’s documentation on Confidential Computing.

Enabled or Disabled. The default value is Disabled.

controlPlane:
  platform:
    gcp:
      onHostMaintenance:
Copy to Clipboard Toggle word wrap

Specifies the behavior of control plane VMs during a host maintenance event, such as a software or hardware update. For Confidential VMs, this parameter must be set to Terminate. Confidential VMs do not support live VM migration.

Terminate or Migrate. The default value is Migrate.

controlPlane:
  platform:
    gcp:
      serviceAccount:
Copy to Clipboard Toggle word wrap

Specifies the email address of a Google Cloud service account to be used during installations. This service account is used to provision control plane machines.

Important

In the case of shared VPC installations, when the service account is not provided, the installer service account must have the resourcemanager.projects.getIamPolicy and resourcemanager.projects.setIamPolicy permissions in the host project.

String. The email address of the service account.

compute:
  platform:
    gcp:
      osDisk:
        encryptionKey:
          kmsKey:
            name:
Copy to Clipboard Toggle word wrap

The name of the customer managed encryption key to be used for compute machine disk encryption.

The encryption key name.

compute:
  platform:
    gcp:
      osDisk:
        encryptionKey:
          kmsKey:
            keyRing:
Copy to Clipboard Toggle word wrap

For compute machines, the name of the KMS key ring to which the KMS key belongs.

The KMS key ring name.

compute:
  platform:
    gcp:
      osDisk:
        encryptionKey:
          kmsKey:
            location:
Copy to Clipboard Toggle word wrap

For compute machines, the GCP location in which the key ring exists. For more information about KMS locations, see Google’s documentation on Cloud KMS locations.

The GCP location for the key ring.

compute:
  platform:
    gcp:
      osDisk:
        encryptionKey:
          kmsKey:
            projectID:
Copy to Clipboard Toggle word wrap

For compute machines, the ID of the project in which the KMS key ring exists. This value defaults to the VM project ID if not set.

The GCP project ID.

compute:
  platform:
    gcp:
      osDisk:
        encryptionKey:
          kmsKeyServiceAccount:
Copy to Clipboard Toggle word wrap

The GCP service account used for the encryption request for compute machines. If this value is not set, the Compute Engine default service account is used. For more information about GCP service accounts, see Google’s documentation on service accounts.

The GCP service account email, for example <service_account_name>@<project_id>.iam.gserviceaccount.com.

compute:
  platform:
    gcp:
      osDisk:
        diskSizeGB:
Copy to Clipboard Toggle word wrap

The size of the disk in gigabytes (GB). This value applies to compute machines.

Any integer between 16 and 65536.

compute:
  platform:
    gcp:
      osDisk:
        diskType:
Copy to Clipboard Toggle word wrap

The GCP disk type for compute machines.

Valid values are pd-balanced, pd-ssd, pd-standard, or hyperdisk-balanced. The default value is pd-ssd.

compute:
  platform:
    gcp:
      tags:
Copy to Clipboard Toggle word wrap

Optional. Additional network tags to add to the compute machines. If set, this parameter overrides the platform.gcp.defaultMachinePlatform.tags parameter for compute machines.

One or more strings, for example compute-network-tag1.

compute:
  platform:
    gcp:
      type:
Copy to Clipboard Toggle word wrap

The GCP machine type for compute machines. If set, this parameter overrides the platform.gcp.defaultMachinePlatform.type parameter.

The GCP machine type, for example n1-standard-4.

compute:
  platform:
    gcp:
      zones:
Copy to Clipboard Toggle word wrap

The availability zones where the installation program creates compute machines.

A list of valid GCP availability zones, such as us-central1-a, in a YAML sequence.

Important

When running your cluster on GCP 64-bit ARM infrastructures, ensure that you use a zone where Ampere Altra Arm CPU’s are available. You can find which zones are compatible with 64-bit ARM processors in the "GCP availability zones" link.

compute:
  platform:
    gcp:
      secureBoot:
Copy to Clipboard Toggle word wrap

Whether to enable Shielded VM secure boot for compute machines. Shielded VMs have additional security protocols such as secure boot, firmware and integrity monitoring, and rootkit protection. For more information on Shielded VMs, see Google’s documentation on Shielded VMs.

Enabled or Disabled. The default value is Disabled.

compute:
  platform:
    gcp:
      confidentialCompute:
Copy to Clipboard Toggle word wrap

Whether to enable Confidential VMs for compute machines. Confidential VMs provide encryption for data while it is being processed. For more information on Confidential VMs, see Google’s documentation on Confidential Computing.

Enabled or Disabled. The default value is Disabled.

compute:
  platform:
    gcp:
      onHostMaintenance:
Copy to Clipboard Toggle word wrap

Specifies the behavior of compute VMs during a host maintenance event, such as a software or hardware update. For Confidential VMs, this parameter must be set to Terminate. Confidential VMs do not support live VM migration.

Terminate or Migrate. The default value is Migrate.

Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat